Trusted computer system

ABSTRACT

A trusted computer system that offers Linux® compatibility and supports contemporary hardware speeds. It is designed to require no porting of common applications which run on Linux, to be easy to develop for, and to allow the use of a wide variety of modern development tools. The system is further designed to meet or exceed the Common Criteria EAL-5 or higher rating through incorporation of required security features, as well as a very high level of assurance for handling data at a wide range of sensitivity (e.g., classification) levels in a wide range of operational environments. This is achieved through the implementation of a well-layered operating system which has been designed from the ground up to enforce security, but which also supports Linux operating system functions and methods.

PRIORITY CLAIM

This application claims priority from Provisional U.S. PatentApplication Ser. No. 60/388,738, filed Jun. 17, 2002, which is herebyincorporated by reference in its entirety.

COPYRIGHT NOTIFICATION

This application inludes material which is subject to copyrightprotection. The copyright owner has no objection to the facsimilereproduction by anyone of the patent disclosure, as it appears in thePatent and Trademark Office files or records, but otherwise reserves allcopyright rights whatsoever.

FIELD OF THE INVENTION

The present invention relates to the field of trusted computing systems.

BACKGROUND OF THE INVENTION

The XTS-300™ Trusted Computer System, most recently manufactured byGetronics Government Solutions, LLC of Herndon, Va., has long been theonly National Security Agency (NSA) evaluated high-assurancegeneral-purpose computer system. Through careful design, the XTS-300 hasbeen evaluated at the Class B3 level by the NSA according to its TrustedComputer System Evaluation Criteria (TCSEC), the teachings of which areincorporated herein by reference in their entirety. The B3 rating isproof that the system provides a very high level of securityfunctionality. FIG. 1 provides a high-level overview of the requirementsto achieve various TCSEC security classification levels. The TCSEC isalso known more formally as the United States Department of DefenseStandard Number 5200.28-STD, and is often colloquially referred to asthe “Orange Book”.

Because of the high level of security functionality provided by theXTS-300, it has provided defense, intelligence, diplomatic, lawenforcement, and other communities with an extremely secure systemrunning on the latest generation of Intel server-class hardware. Inaddition, the XTS-300 leverages its commodity hardware architecture totake advantage of frequent hardware advances in the Intel® x86 hardwarebase and in the SCSI subsystem.

The XTS-300 is used as a platform upon which applications are built thatfilter data and enforce security policies. Filtering is a process whichallows rules-based inspection and selection criteria to be applied to avariety of data, thus allowing approved data, where appropriate, tosafely pass from one security classified level to another securityclassified level. Many of these programs have been called “Guards”because they guard one network from another using hardware enforcedprotections of the XTS-300 while still allowing selected data to flowthrough carefully architected and fully accredited logic paths betweennetworks of differing levels.

While the XTS-300 has been successful, the number and nature of thecomputer software programs which can be run on the XTS-300 is limited byits operating system.

SUMMARY OF THE INVENTION

Accordingly, a preferred embodiment of the present invention is directedto a system and method that substantially obviates one or more of theproblems due to limitations and disadvantages of the related art.

It is an object of the present invention to create a trusted operatingsystem comprising an application domain, in which trusted and untrustedapplications can be executed; an operating system services layer,wherein the operating system services layer provides interfaces allowingapplications written for at least one other operating system to be runin the trusted operating system, whereby the operating system serviceslayer emulates the at least one other operating systems; a trustedsystem services layer; and a security kernel, for enforcing systemsecurity policy and integrity rules, and for providing basic operatingsystem services, including facilitating user and administrator actions.

It is another object of the present invention to create a trustedcomputer system comprising at least one processor, wherein each of theat least one processors supports a multi-domain architecture; at leastone terminal, for facilitating operation of the trusted computer system;at least one data storage unit; at least one memory unit; and a secureoperating system running on the trusted computing system, wherein thesecure operating system utilizes the multi-domain architecture of the atleast one processor to enforce process isolation.

It is yet another object of the present invention to provide a securitypolicy enhancement system, comprising at least one processor, wherein atleast one of the at least one processors implements a multi-domainarchitecture; at least one Random Access Memory unit; a secure operatingsystem, wherein the secure operating system operates at least twodifferent security classification levels, with data existing in each ofthe security classification levels; and, at least one data securityverification means, wherein the data security verification meansperforms security checks on the content of data to determine if the datacan be transferred by the secure operating system from oneclassification level to another.

It is still another object of the present invention to provide a trustedoperating system which emulates another operating system by allowing anapplication program written for the other operating system to execute onthe trusted operating system without requiring changes to theapplication program.

Another object of the present invention is to create a trusted operatingsystem, capable of concurrently running a plurality of processes, whichprovides a subtype mechanism wherein the subtype mechanism allowsadditional access control differentiation beyond mandatory anddiscretionary access.

Yet another object of the present invention is to implement a trustedoperating system wherein four separate policies are enforced wheneverany process attempts to access any file system object, the policiescomprising a Mandatory Security Policy; a Mandatory Integrity Policy; aDiscretionary Access Control Policy; and a Subtype Policy.

Still another object of the present invention is to create a trustedoperating system which prevents a first process from learning about theexistence or status of a second higher classified process by limitingthe number and speed of covert storage channels.

Additional features and advantages of the invention are set forth in thedescription which follows, and in part will be apparent from thedescription, or may be learned by practice of the invention. Theobjectives and other advantages of the invention will be realized andattained by the structure particularly pointed out in the writtendescription and claims hereof as well as the appended drawings.

The present invention is preferably a general-purpose computing systemin that it can be used for a wide range of applications, from multi-userworkstation to trusted guard to trusted server. Although a preferredembodiment of the present invention leverages some of the hardwarearchitecture and operating system kernel design techniques used in theXTS-300, the preferred embodiment of the present invention describedherein has been rearchitected to add support for contemporary hardwareand a robust set of Linux® Application Programming Interfaces (APIs) andApplication Binary Interfaces (ABIs) so that the thousands of programsand commands written for Linux, in their binary form and without portingor recompilation, can be copied and run under the protection of thesecurity architecture implemented in a preferred embodiment of thepresent invention. Thus, a preferred embodiment of the present inventionprovides an emulated open source environment where ultra-securefunctions can be performed in a trusted manner.

In addition, a preferred embodiment of the present invention allowsother, trusted programs to access APIs unique to the present invention,thereby providing access to and, in certain situations, control oversome or all security aspects of a preferred embodiment of the presentinvention. While providing ABI/API compatibility with Linux (i.e.emulating Linux), the present invention is wholly a creation of theinventors and assignee hereto and uses no Linux kernel code. It istherefore a highly secure, Linux-compatible environment enjoying boththe freedom to run open source applications and the security associatedwith a guarded, proprietary system.

A preferred embodiment of the present invention employs an operatingsystem called the Secure Trusted Operating Program (STOP™). Unlikeearlier approaches, a preferred embodiment of the present invention isarchitected to support Linux ABIs/APIs and security enforcing APIs andcommands that are unique. This preferably allows the present inventionto provide unparalleled security while also permitting the presentinvention to run more standard, commercially available applicationswithout the need for substantial modifications.

A preferred embodiment of the present invention provides multilevelsecure Trusted Security Functions (TSFs), which are to the CommonCriteria for Information Technology Security Evaluation approximatelywhat Trusted Computing Base (TCB) was to the TCSEC, that allowsimultaneous processing and storage of data at different classificationsor sensitivities and needs-to-know (categories/compartments) by userswith different clearances and needs-to-know. Unlike systems whichoperate in system-high mode, which is typically defined as a securitymode of operation wherein each user, with direct or indirect access to aspecific information system, its peripherals, remote terminals, orremote hosts, has all of the following: (a) valid security clearance forall information within the information system; (b) formal accessapproval and signed nondisclosure agreements for all the informationstored and/or processed (including all compartments, subcompartmentsand/or special access programs); and (c) valid need-to-know for some ofthe information contained within the information system, a preferredembodiment of the present invention can eliminate arbitraryover-classifying of data.

A preferred embodiment of the present invention is designed for highrobustness and/or high risk environments, which implies not onlyincorporation of particular security features, but a very high level ofassurance. This level of assurance allows a preferred embodiment of thepresent invention to be accredited to handle data at a wide range ofsensitivities (e.g., classification levels) in a wide range ofoperational environments. The present invention is designed to provide ahigh level of security while running many kinds of applications,including specialized applications such as network guards or filters forhandling the semi- or fully automatic downgrading and/or down flow ofinformation.

It is to be understood that both the foregoing general description andthe following detailed description are exemplary and explanatory and areintended to provide further explanation of the invention as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are included to provide a furtherunderstanding of the invention and are incorporated in and constitute apart of this specification, illustrate embodiments of the invention andtogether with the description serve to explain the principles of theinvention.

In the drawings:

FIG. 1 is a table providing a high-level overview of the requirements toachieve the various TCSEC security classification levels.

FIG. 2 is a table illustrating the minimum TCSEC rating a system shouldhave to allow users within a given range of authorizations to accessdata within a given range of classifications.

FIG. 3 is a block diagram illustrating the four domain architectureemployed in a preferred embodiment of the present invention.

FIG. 4 is a table providing a presently preferred hardware specificationfor a computer system used as part of a preferred embodiment of thepresent invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Reference will now be made in detail to preferred embodiments of thepresent invention, examples of which are illustrated in the accompanyingdrawings.

The operating system component of a preferred embodiment of the presentinvention is a multiprogramming operating system that can supportterminal connections for multiple users. In a presently preferredembodiment, up to 200 processes can run concurrently, each with up tofour gigabytes of virtual memory. The operating system component of thepresent invention also preferably supports Linux APIs and can run, in asecure environment, most object or binary programs compiled on Linuxwithout requiring modification of such object or binary programs. Inaddition, the present invention preferably provides an X-Windowsgraphical user interface (GUI) outside the Trusted Security Functions(TSF), which can be made available at a console for work by untrustedusers.

A preferred embodiment of the present invention also permits networkconnectivity by building TCP/IP and Ethernet protocols(10BaseT/100BaseT) into the TSF, while also supporting theimplementation of network servers (e.g., SMTP, HTTP, and the like)outside of the TSF. In an embodiment of the present invention expectedto pass Common Criteria evaluation, attachments within the same networkmust currently be single-level, while multiple networks can each be atdifferent levels.

A preferred embodiment of the present invention implements all currentlyaccessible windows on a given display at the same security level.Although a preferred embodiment of the present invention does notsupport multi-level cut-and-paste due to security concerns and possibleprocessor overhead, it should be appreciated by one skilled in the artthat such functionality can be implemented without departing from thespirit or the scope of the present invention. A preferred embodiment ofthe present invention implements a trusted path mechanism, preferablyimplemented as a Secure Attention Key (SAK), for execution of commandsat other security levels. Such commands are preferably entered through atrusted command interface. Initiation of the trusted path causessuspension of the GUI, and absolutely isolates the trusted commandinterface from the GUI environment.

A preferred embodiment of the present invention is based around acombination of a multilevel secure operating system and a customizedIntel x86 hardware base. The operating system component of the presentinvention preferably provides mandatory access control that allows forboth a security (MAC) and integrity (MIC) policy. The mandatory securitypolicy enforced by a preferred embodiment of the present invention isreflective of the Bell and LaPadula security model, as described in D.Bell and L. LaPadula; “Secure computer systems: MathematicalFoundation,” ESD-TR-73-278, Vol. 1, Mitre Corp, 1973, the teachings ofwhich are incorporated herein by reference in their entirety.

Beyond the minimal requirements for a TCSEC B3 or Common Criteriasystem, a preferred embodiment of the present invention provides amandatory integrity policy (which is required by medium- andhigh-robustness profiles), an extra subtype policy, and a familiar,Linux-like operating environment. By way of example, without intendingto limit the present invention, the integrity model of a preferredembodiment of the present invention can be used for advanced virusprotection. The mandatory integrity policy is reflective of the Bibaintegrity model, as described in Biba, K. J., “Integrity considerationsfor Secure computer Systems”, ESD-TR 76-372, MITRE Co., Apr. 1977, theteachings of which are incorporated herein by reference in theirentirety.

In addition to mandatory access control, a preferred embodiment of thepresent invention also implements discretionary access control (DAC) andprovides user identification and authentication means needed for userID-based policy enforcement. A preferred embodiment of the presentinvention provides a policy mechanism, called “subtypes,” which can beused in a customer-specific way in conjunction with MAC, MIC, and DACcontrols. In this embodiment, each device, process, and file systemobject has a subtype attribute. Each process has 3 lists of accessiblesubtypes, one for each the aforementioned device, process and filesystem object types. In order to access an object of one of those types,a process must have the object's subtype on its own subtype list.

These four mechanisms ( DAC, MAC, MIC and Subtype) can be used invarious application designer chosen combinations to restrict or permitaccess to various data objects, processes, devices and the like. Aparticular file, for example, might be restricted by a selection ofthese access controls to being changeable only by a process of a certainclassification but even beyond that, by only a certain group and even bya certain user.

The TSF exhibits several strong architectural characteristics,including: minimization, layering, abstraction, and data hiding. As usedherein, minimization refers to an operating system design techniquewherein non-critical non-security functionality is kept apart from theTSF to reduce overall system complexity. This can allow humans tosuccessfully evaluate complex data processing programs and systems.Layering, as used herein, refers to an operating system design techniquewherein the TSF employs a modularized design with “layers” used as anorganizing principle. This provides clearly defined interfaces,individual layer testing, facilitates a locking hierarchy, and pointsout the layers of data abstraction, as data which is more abstract wouldbe at higher layers. Abstraction, as used herein, refers to an operatingsystem design technique wherein more complex data structures are builtfrom less complicated ones. Abstraction is used to hide unneeded orundesired details which may be appropriate at one layer of the OperatingSystem from processes or modules which operate within a higher layer.Data hiding, as used herein, refers to an operating system designtechnique wherein the scope of data is minimized. Data which is hiddenis visible to only those modules for which visibility is necessary. Datahiding is used to force the use of abstraction. The TSF makes use ofhardware features to provide process separation and TSF isolation andhas been designed and implemented to resist penetration. The systemdesign is based on a formal security model and other high-level designdocumentation.

Unlike most modem operating systems, the operating system component ofthe present invention has preferably been architected around security.Thus, every level of the system, including each database, application,user, terminal, and process, has a level of security associated with it.As illustrated in FIG. 3, the operating system portion of a preferredembodiment of the present invention utilizes an architecture referred toas “rings of isolation” (also referred to as “domains”), in which theinner rings cooperate to provide security functionality, and the outerrings depend on the inner rings for proper functioning.

The multi-domain architecture illustrated in FIG. 3 prevents terminalsfrom simultaneously connecting to processes at different MAC levels. Toconnect to a process with a different level, a user must firstdisconnect, or the operating system must disconnect the user, from anyprocesses currently running. The operating system is essentiallytamperproof due to this domain architecture and process isolation. Infact, a preferred embodiment of the present invention is so secure thateven processes are restricted by domain privileges, and are allowed tosend messages only to those other processes that have the same or lesserdomain privileges. All of these conventions are enforced within thesystem itself. By way of example, without intending to limit the presentinvention, Domain 0 of FIG. 3, which represents the Security Kernel andwhich operates at the system's highest level of security, isinaccessible by users. Input/Output device drivers reside at this level,thereby preventing unauthorized access to the device drivers.

In addition to enforcing security using the domain architecturedescribed above, a preferred embodiment of the present invention furtherseparates administrator and operator roles using an integrity policy.The system enforces the “principle of least privilege” (i.e., usersshould have no more authorization than that required to perform theirfunctions) for administrator and operator roles. All actions performedby privileged (and normal) users can be audited. The audit log isprotected from modification using integrity and subtype mechanisms.

The operating system component of a preferred embodiment of the presentinvention also provides an alarm mechanism to detect any accumulation ofevents that indicate an imminent violation of the security policy, suchas a series of unsuccessful logins or inaccurate passwords. Individualaccountability is provided with an auditing capability. Data scavengingis prevented through object reuse (i.e., residual data) preventionmechanisms.

The multilevel security features of a preferred embodiment of thepresent invention's TSF enforce trusted labeling, a mandatory accesscontrol policy, and a mandatory integrity control policy that enable thesystem to allow users with different clearances and needs-to-know tosimultaneously store and process information that exists at differentclassification levels or sensitivities and/or in different need-to-knowcategories or compartments. Authorized users can process information atits actual sensitivity level, helping to eliminate the arbitraryover-classification of information that often occurs in system-highoperations.

With respect to an embodiment of the present invention deployed orevaluated using the Common Criteria, the present invention is preferablydesigned to meet EAL5 assurance requirements, with portions of the EAL6and EAL7 requirements also met. For the most part, these EALrequirements are similar to the Orange Book (i.e., TCSEC) B3 assurancerequirements. The security functionality required for B3 is preferablyachieved, but the exact set of functional requirements met by apreferred embodiment of the present invention will depend on theprotection profiles put forward by customers.

As illustrated in FIG. 1, a system that is rated as a Class B3 systemprovides a TCB/TSF that provides the security features required by theTCSEC. The NCSC's Guidance for Applying the DoD TCSEC in SpecificEnvironments (known as “The Yellow Book”, the teachings of which areincorporated herein by reference in their entirety) includes a “SecurityIndex Matrix for Open Security Environments”. By way of clarification,the terms Open and Closed indicate the strictness of security controlsin the system's development environment, not its operationalenvironment. FIG. 2 shows the minimum TCSEC rating a system should haveto allow users within a given range of authorizations to access datawithin a given range of classifications.

The wider the range of classifications, the higher the rating the systemneeds to assure it will protect data. Class B1 systems (e.g.,compartmented-mode workstations) provide too little assurance for manymultilevel processing scenarios in which data ranges from Unclassifiedto Secret, or from Secret to Top Secret/SCI compartmented.

The operating system component of the present invention preferablycomprises a Trusted Computing Base (TCB) and Trusted Security Functions(TSF), which enforce security policy, and untrusted commands, whichgenerally provide user interfaces familiar to Unix and/or Linux users.

A preferred embodiment of the present invention leverages the Pentium®or Xeon™ CPU's four-domain chip architecture to reinforce the operatingsystem component's mandatory security and integrity access controlpolicies by physically isolating security domains in hardware, therebypreventing system processes from tampering with each other. Themulti-domain CPU architecture restricts access to segments, pages, andinstructions. As illustrated in FIG. 3, there are four levels: Domain 0to Domain 3, with Domain 0 being the most privileged level. The CPU alsoprovides multiple checks for protection violations within memoryreferences.

As illustrated in FIG. 3, non-TSF processes and TSF processes are mappedinto the multi-domain CPU architecture in the same manner. Both types ofprocesses map to the same Domain 0 Kernel, Domain 1 Trusted SystemServices, and Domain 2 Operating System Services. More information onthe processes in each domain follows.

Domain 0: Security Kernel

The most privileged domain, the Security Kernel contains most of theReference Monitor that enforces system security policy. Small and wellstructured to enable complete security evaluation, testing, andverification, the Kernel provides basic OS services. Such servicesinclude, but are not limited to, resource management, processscheduling, interrupt and trap handling, auditing, and mandatory anddiscretionary access policy enforcement for processes and deviceobjects. To facilitate such enforcement, I/O device drivers preferablyreside in Domain 0. Domain 0 processes cannot be directly called ormodified by users.

Domain 1: Trusted System Services (TSS)

TSS provides networking, I/O, file system management, and file systemobject discretionary access policy enforcement for both trusted anduntrusted system processes and applications. The TSS environment iscontrolled by the Security Kernel, which enforces mandatory security,mandatory integrity, and subtype control on the TSS and all otheroperations. Domain 1 processes cannot be directly called or modified byusers.

Domain 2: Operating System Services (OSS)

OSS provides APIs expected by applications written for Linux or usingLinux tools. OSS also provides proprietary APIs to help manage and usetrusted aspects of a preferred embodiment of the present invention. OSStranslates the APIs into trusted operating system primitives provided bythe Kernel and TSS. OSS also manages some application signals andprocess groups. Due to the security architecture of a preferredembodiment of the present invention, applications can interface withonly the OSS portion of the TSF—they cannot call TSS or the Kerneldirectly.

Domain 3: Application Domain

If a process is running at low integrity and has no privileges, it isconsidered untrusted. These untrusted applications include the usercommands and tools that are familiar to Linux/Unix users. Both trustedand untrusted applications execute in Domain 3, and can only execute inDomain 3.

Trusted Software

Trusted Software includes all security-relevant functions that operateas independent services (e.g., a security map editor). Some TrustedSoftware functions may bypass the TSF's mandatory and/or discretionarycontrols, e.g., to enable high-integrity users to establish/modify thefile system hierarchy to accommodate use of high-integrity nodes.Trusted Software functions are available to system operators andadministrators for security-related housekeeping, including, but notlimited to user registration/removal, password assignment, systeminstallation/configuration, and privileged tasks not supported by otheroperating system components. A few Trusted Software functions, such asapplication session start-up, are available to Domain 3 users.

Untrusted Software and Runtime Libraries

Also included as an optional part of a preferred embodiment of thepresent invention is a Software Development Environment that enablesdevelopers to write their own untrusted applications. Typically, “C” isthe programming language used for such untrusted applications, althoughother languages and shells supported by Linux could be used. Untrustedcommands and programs are distributed with the operating system foradministration of the system.

Trusted Databases

A preferred embodiment of the present invention implements trusteddatabases which contain sensitive user and group access, sessioncontrol, and print queue information which is protected fromunauthorized modification by unprivileged processes. Trusted databasescan be manipulated only by user-developed trusted processes, or trustededitors used by system/security administrators.

Philosophy of Protection

To enforce the mandatory access policies that make a preferredembodiment of the present invention multilevel secure, the operatingsystems component implements a Reference Monitor. The Reference Monitorenforces authorized access relationships between system subjects such astrusted and untrusted processes acting on a user's behalf to performaccesses, or the like, and system objects, such as file system objects,devices, semaphores, sockets, processes, and the like.

Trusted system subjects are used mainly for functions that manipulatethe system's trusted databases or perform strictly controlledcircumventions of the TSF's mandatory and/or discretionary access rules.A typical example of a trusted process is a Regrader(reclassifier/relabeller) process in a Trusted Guard. Except for thosefew processes that must update a trusted database or bypass theoperating system component's access controls, untrusted subjects can berelied upon to perform most application functions.

Reference Monitor

A Reference Monitor compares each attempt by a subject to reference, oraccess, an object against a list of reference types (including read,write, and/or execute) the subject is authorized to perform on thatobject. The Reference Monitor's access validation mechanism is invokedfor every reference by a subject to an object, thus preventing anyunauthorized accesses. To ensure its integrity, the Reference Monitor'saccess control/validation mechanism is programmed to be tamperproof. TheReference Monitor is implemented in the TSF, which derives from theIntel CPU's multi-domain isolation mechanisms the absolute separation ofthe Reference Monitor from Domain 2 and Domain 3 functions andapplications running on the system.

TSF Assurance Mechanisms

All software processes on the present invention are preferably isolatedfrom one another by the Security Kernel's enforcement of theBell-LaPadula security and Biba integrity rules. Processes may onlyaccess information they dominate, and the entire TSF is protected fromunauthorized tampering via the following mechanisms:

Domain Isolation

Domain isolation protects code and data in the Kernel from modificationby processes in any other Domain and protects the code and data in eachDomain from modification by users/processes in any less privilegedDomain.

Integrity

The system's mandatory integrity mechanism sets integrity levels of TSFprogram files, databases, and most trusted software processes tooperator or higher and excludes untrusted users (subjects) from the TSFby limiting their maximum integrity to less than that of TSF objects.

Process Isolation

Trusted Software processes (like most applications) keep their workingdata in process-local data areas that cannot be shared by otherprocesses or accessed by untrusted software. The Kernel prevents anyprocess from directly accessing another process' program text and localdata and prevents untrusted processes from modifying trusted processesand their data.

Trusted Path

In a preferred embodiment, before a terminal can communicate with theTSF, the operator must press the Secure Attention Key (SAK), whichtemporarily disconnects the terminal from any untrusted processorprocesses. This ensures that the user is communicating with the TSF, notwith an untrusted process spoofing a TSF process. Any unlocked terminalused by trusted software is protected from untrusted software and otherusers' processes by a terminal-unique device subtype. When a user entersthe TSF via the secure path, the secure server detaches the terminal'ssubtype from all untrusted processes associated with the session.Terminal access to untrusted processes is restored only after the userexplicitly exits the trusted environment.

Subtypes

Subtypes are used like tokens; to access an object on the system, asubject must possess the object subtype for that object. The system'ssubtype mechanism is used by the Kernel to restrict access to processes,trusted databases, and devices. As described above, the primary use ofsubtypes is to provide control over the Trusted Path; when the SAK ispressed, the Server changes the subtype of the terminal to prevent anyuntrusted process from accessing it. Subtypes are also used by the filesystem management (FSM) process to assure that FSM gets exclusive accessto the file object. When it accesses the file object, FSM resets thesubtype to one to which only FSM has access. After it finishesprocessing the file, FSM resets the file to its original subtype.Finally, subtypes are used to protect the system's trusted databases, bygiving only trusted programs the appropriate subtypes needed to accessthe databases.

Mandatory Security Policy

Each object in a preferred embodiment of the present invention isreferenced by a unique identifier, and has its own set of access andstatus information (including subtypes) to implement non-hierarchicalmandatory access controls based on need-to-know, and mandatory anddiscretionary access attributes. An object's mandatory accessinformation includes its mandatory security and integrity levels andcategories or compartments; this information provides the basis on whichthe Kernel makes mandatory access control decisions related to theobject.

Subjects in a preferred embodiment of the present invention can onlyreference objects according to the NCSC-approved Bell-LaPadula formalmathematical model of computer security policy. This policy isimplemented by a set of security rules designed to protect data fromunauthorized access. Briefly, the mathematical model operates asfollows:

Simple Security: Subject may read or execute object only when subject'ssecurity level dominates objects.

Security*Property: Subject may write object only when object's securitylevel dominates subjects. The present invention's Security*Propertyimplementation preferably allows subject to write object only whensubject and object are at the same security level. This prevents lowerlevel subjects from writing higher-level objects they cannot lateraccess.

A preferred embodiment of the present invention supports 16 hierarchicalsecurity classifications and 64 independent non-hierarchical“need-to-know” security categories/compartments.

Mandatory Integrity Policy

A preferred embodiment of the present invention enforces K. J. Biba'sintegrity policy, a corollary to the Bell-LaPadula model, which enforcesthe system's mandatory integrity rules. Just as the system's mandatorysecurity rules protect information from unauthorized disclosure, thesystem's mandatory integrity rules protect information from unauthorizedmodification.

The system's mandatory integrity policy enables the securityadministrator or developer to establish highly protected executiondomains in which executables may read the files they need while thosefiles remain protected from modification by unauthorized logic ormalicious code. A preferred embodiment of the present inventionpresently supports 8 hierarchical role-based integrity classificationsand 16 independent non-hierarchical need to-know integritycategories/compartments. Briefly, the integrity model operates asfollows:

Simple Integrity: Subject may read or execute object (e.g., data file)only when object's integrity level dominates subjects.

Integrity *Property: Subject may write object only when subject'sintegrity level dominates object's. The present invention'sIntegrity*Property preferably allows a subject to write an object onlywhen the subject and object integrity levels are the same, preventinghigher-integrity subjects from writing lower-integrity objects (whichcould be considered trustworthy by other software) they cannot lateraccess.

Discretionary Access Controls

The present invention preferably enforces a discretionary access policywhereby access to an object is assigned by the object's owner accordingto the identity of subjects associated with the object and/or groups towhich those subjects belong. An object's discretionary accessinformation includes up to at least 7 user and group identifiers(including the object's owning user and owning group), and theirindividual read, write, and execute permissions. Read, write and executepermissions are also provided for “world”.

Access Modes: Subject may access object in only those mode(s) granted byobject's owner. Each object is assigned read, write, execute permissionsfor object's owner, owner's group(s), members of other groups allowed byowner, and all others (“world” permissions).

The TSF enforces the following series of rules to determine whether asubject should be granted discretionary access to an object:

-   -   If subject owns object, use specified owner permissions; if not,    -   If subject has entry in system's Access Control List, use those        permissions; if not,    -   If subject's group is same as object's group, use specified        group permissions; if not,    -   If subject's group exists in ACL, use group ACL permissions; if        not,    -   Use specified “world” permissions.

Subtype Control

Processes, devices, and file system objects are controlled by subtype inaddition to the mandatory and discretionary controls. Subtypes arenon-hierarchical. They can employed by trusted applications to separateapplications (e.g., such as stages in a guard), even if thoseapplications run with the same owner and at the same mandatory level.

Covert Channel Protection

Systems that enforce a mandatory security policy may still allowunintended signaling channels, or illicit information flows, that arecounter to the mandatory security policy. Such signaling channels andillicit flows are commonly known as covert channels. By way of example,without intending to limit the present invention, a classic covertchannel is created using the file system, such as by having a maliciousprocess at a low security level attempt to create a file. In such anexample, if the file creation attempt is successful, that is deemedequivalent to a “1”, and where the file creation attempt fails, that isdeemed equivalent to a “0”. A high security process can control whetherthe file creation attempt is successful by filling up the file system orportion thereof. Thus, a string of bits can be effectively communicatedfrom the high security process to the low security process by repeatingthis sequence over and over, with the high security process removing afile when it wants the low security process's creation attempt tosucceed. Such a communications means can be highly effective, and can beused to circumvent mandatory security policies or the like.

Covert channels are generally difficult to use, and low assurancesystems are not required to document or reduce them. However, apreferred embodiment of the present invention is designed to be highassurance and to offer protection in highly hostile environments,therefore the present invention preferably incorporates mechanisms toreduce the number and capacity (i.e., speed) of covert channels, andpotential covert channels are documented. Mechanisms employed in apreferred embodiment of the present invention which help to protectagainst covert channel use include, but are not limited to, introducingtiming delays and obscuring status values in situations which might beused as a covert channel.

Hardware

A preferred embodiment of the present invention preferably leverages thesignificant processing power and internal architecture of the Intel“Prestonia” Xeon™ 2+GHz CPUs to improve performance. FIG. 4 providesmore detail on a preferred standard hardware configuration of thepresent invention, including hardware peripherals which the operatingsystem component of a preferred embodiment of the present invention willsupport.

A preferred embodiment of the present invention can be embodied in towercase or rack mounted configurations, or in high density, TEMPEST, andZone embodiments. Careful configuration control and testing are appliedto assure delivery of a consistent, reliable, and secure product.

Applications

Trusted applications on a previous embodiment of the present inventionhave significantly aided in the maturation of multilevel security (MLS)to the point where MLS systems are being deployed widely in operationalconfigurations at low risk and with significant payoff. Numerouscertification and accreditation efforts have been completed ofnow-operational Trusted Applications—several developed byapplicants—that use the previous embodiment as their high-assuranceplatform. Many of these applications are Trusted Guards designed toallow the strictly controlled sharing of information among networksoperating at different sensitivity levels (e.g., Classifications) and/or“needs-to-know” (categories or compartments).

A preferred embodiment of the present invention can also be designed tobe backward compatible with these older trusted applications. However,two “enabling technologies” for building Trusted Guard applications forpresent invention, the DataSync Guard and the Standard Automated GuardEnvironment (SAGE), have also been developed.

With the operating system component of a preferred embodiment of thepresent invention, the development of Trusted Applications is mucheasier. Applications can be created entirely on “real” Linux systems,created entirely on an embodiment of the present invention implementedas a development system, or created partially on both. In any of thesedevelopment environments, an entirely new and richer set of rapidlyevolving development tools are available to the programmer and designer.

Guard-Enabling Technologies

DataSync Guard

The customizable DataSync Guard™ represents a new generation of TrustedGuard application, the first-ever TCP/IP socket-based High AssuranceGuard. The DataSync Guard strictly enforces the security policiesgoverning the connection-oriented transfer of data between systems thatreside on separate system-high networks at different classification (orsensitivity) levels. The DataSync Guard achieves near-real-time datatransfers. Originally conceived to enable the reliable synchronizationof databases operating at different sensitivity levels, the DataSyncGuard is communications protocol independent, and can handle ASCII,HTML, XML, well-formed binary and other data flowing between any twosystems that can transfer their data over socket connections to theGuard.

By replacing “store and forward” file transfer protocols with TCP/IPsockets as its data transfer mechanism, and performing most of itsprocessing in RAM which eliminates the need to write to or read fromdisk or resynchronize the file system each time data are passed from oneGuard subroutine to another, the DataSync Guard reduces the latencydelay of transactions during data throughput.

In a presently preferred embodiment, the DataSync Guard can supportcomplex filter profiles to mediate data transfers among databases on upto four different single-level system-high networks. The DataSync Guardcan filter ASCII and/or well-formed binary data, checking both thecorrect formatting of the header of the database transaction, andperforming security checks on the content of each data element. TheDataSync Guard can implement multiple “if-then-else” actions andsophisticated dirty word/clean word searches.

Standard Automated Guard Environment

The Standard Automated Guard Environment (SAGE™) is a set of designconcepts, interface definitions, executable code, and accreditationdocumentation. SAGE is a development environment for buildingconnectionless (store-and-forward) Trusted Guards, alternativelyreferred to as trusted gateways.

SAGE minimizes the coding required to implement Trusted Guards byproviding the common elements (processes, libraries, etc.) that mostGuards require. SAGE eases certification and accreditation of theseGuards by minimizing the Guard's TSSF. SAGE provides a well-structuredframework within which programmers can build Trusted Guard applicationsmore quickly and easily than developing those applications “fromscratch”. The general objective of a SAGE Guard is to securely,automatically, and efficiently allow a restricted flow of data betweentwo systems or networks with different security characteristics. Whilethe security policy can be customized by the Guard developer, SAGE hasbeen designed to accurately enforce that policy and to protect data fromunauthorized disclosure or modification while the data resides on apreferred embodiment of the present invention.

SAGE has been developed in standard ANSI C and documented using trustedsoftware principles to ease the burden of accreditation. Several SAGEguards have already been accredited, including guards for the UnitedStates Department of Defense, the United States State Department, andthe United States Air Force.

While the invention has been described in detail and with reference tospecific embodiments thereof, it will be apparent to those skilled inthe art that various changes and modifications can be made thereinwithout departing from the spirit and scope thereof. Thus, it isintended that the present invention cover the modifications andvariations of this invention provided they come within the scope of theappended claims and their equivalents.

1. A computer program product for a trusted operating system, stored ona computer readable storage medium, the trusted operating systemcomprising: a first set of computer readable code, the first set ofcomputer readable code comprising an application domain, in whichtrusted and untrusted applications can be executed; a second set ofcomputer readable code, the second set of computer readable codecomprising an operating system services layer, wherein the operatingsystem services layer provides interfaces allowing applications writtenfor at least one other operating system to be run in the trustedoperating system, whereby the operating system services layer emulatesthe at least one other operating systems; a third set of computerreadable code, the third set of computer readable code comprising atrusted system services layer, and, a fourth set of computer readablecode, the fourth set of computer readable code comprising a securitykernel, for enforcing system security policy and integrity rules, andfor providing basic operating system services, including facilitatinguser and administrator actions,wherein the system security policy isimplemented by a set of security rules designed to protect a firstprocess from unauthorized access by a second process having a securitylevel different than that of said first process, and wherein theintegrity rules protect information from unauthorized modification. 2.The computer program product of claim 1, wherein the kernel layerenforces mandatory security, mandatory integrity, and subtype controlwithin the trusted operating system.
 3. The computer program product ofclaim 1, wherein user login failures are monitored to detect theaccumulation of events that indicate an imminent security policyviolation.
 4. The computer program product of claim 1, wherein thetrusted software includes trusted databases.
 5. The computer programproduct of claim 1, further comprising a Reference Monitor.
 6. Thecomputer program product of claim 1, wherein the security kernelenforces process isolation to keep untrusted software from accessingworking data associated with trusted software processes.
 7. The computerprogram product of claim 1, wherein at least one of the at least oneother operating systems emulated by the operating system services layeris an open source operating system.
 8. The computer program product ofclaim 1, wherein applications operating in the application domain caninterface with only the operating system services layer, and cannot callfunctions provided by the trusted system services or kernel layerdirectly.
 9. The computer program product of claim 1, wherein thetrusted operating system utilizes multi-domain process isolationcapabilities in the hardware on which the operating system is running toensure process isolation.
 10. The computer program product of claim 9,wherein the hardware multi-domain process isolation capability restrictsaccess to segments, pages, and instructions.
 11. The computer programproduct of claim 10, wherein the hardware multi-domain process isolationcapability also provides multiple checks for protections violationswithin memory references.
 12. The computer program product of claim 1,wherein the application domain allows at least one developmentenvironment to be run.
 13. The computer program product of claim 12,wherein the development environment is an integrated developmentenvironment.
 14. The computer program product of claim 1, wherein thesecurity kernel separates users and data by enforcing mandatory securityand mandatory integrity access controls.
 15. The computer programproduct of claim 14, wherein the trusted operating system furtherseparates users and data by enforcing discretionary access controls. 16.The computer program product of claim 15, wherein the trusted operatingsystem separates administrator and operator roles using an integritypolicy.
 17. The computer program product of claim 16, wherein thetrusted operating system enforces the principle of least privilege foradministrator and operator roles.
 18. The computer program product ofclaim 14, wherein the user and administrator actions are audited in atleast one audit log.
 19. The computer program product of claim 18,wherein at least one audit log is protected from modification.
 20. Thecomputer program product of claim 19, wherein all audit logs areprotected from modification.
 21. The computer program product of claim1, wherein the security kernel allows users with different clearances tosimultaneously store and process information that exists at differentclassification levels.
 22. The computer program product of claim 21,wherein the security kernel allows the user to process data only whenthat data is at the user's integrity level or a higher integrity level.23. The computer program product of claim 1, wherein the operatingsystem services layer further provides at least one proprietary API tomanage and use trusted aspects of the trusted system services layer. 24.The computer program product of claim 23, wherein the operating systemservices layer translates API calls into trusted operating systemprimitives provided by the security kernel and trusted system serviceslayers.
 25. A computer program product stored on a computer readablemedium, the computer program product comprising a trusted operatingsystem which emulates another operating system by allowing anapplication program written for the other operating system to execute onthe trusted operating system without requiring changes to theapplication program, wherein the trusted operating system includes asecurity kernel, for enforcing system security policy and integrityrules, and for providing basic operating system services for the trustedoperating system, including facilitating user and administrator actions,wherein the system security policy is implemented by a set of securityrules designed to protect a first process from unauthorized access by asecond process having a security level different than that of said firstprocess and wherein the integrity rules protect information fromunauthorized modification.
 26. The computer program product of claim 25,wherein the emulated operating system is an open source operatingsystem.